- authentication against AD using Winbind and Kerberos- allowing local and remote (SSH) authentication to members of a specific AD group (linuxadmin)- allowing members of linuxadmin to use sudo- UID/GID mapping against AD- user homedir will be created at first log using pam_mkhomedir- still possible to log in using local accounts, in case AD is unavailable